Does ST(State Transfer) in REST mean that state must be held by client?

…衆ロ難τιáo~ 提交于 2019-11-29 08:50:06

The idea of honest REST service is to allow easy communication with it to any client, even to the client that is not in a web browser: it could be mobile or desktop application or anything else. So, each request to the service must provide all necessary information to process that request. Keeping the state on server would complicate the task, because clients will not control it.

So, YES, ideally state must be held by clients. BUT, we need to understand clearly what we mean by "state". Because there are different kinds of state out there: Application state, and Resource state. I like the following article about the distinction.

P.S. And BTW, keeping state in cookies would complicate life to clients as well(if they are not web-browsers).

So does it mean we are only about to build a REST application only through putting some user state in the client like cookie?

You don't have to use a permanent storage to do that. If we are talking about browser terms, you can use a javascript program as a client, and you can store the application state (client state) in javascript variables instead of using a server side session and a session cookie.

If your system supports authentication, then you have to send the user identifiers (e.g. username and password) with every request for example in a HTTP auth header. Be aware that REST is mostly for automated clients, not for browsers, but ofc. you can write an automated javascript client for a browser as well.

we can make a stateless application by storing the user data in database or memcache, which avoid storing session in the application server

This is false.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!